7 matches found
Debian DLA-93-1 : libgcrypt11 security update
Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack see http://www.cs.tau.ac.il/tromer/handsoff/. This is fixed in Squeeze in version 1.4.5-2+squeeze...
DLA-93-1 libgcrypt11 - security update
Bulletin has no description...
Debian DSA-3073-1 : libgcrypt11 - security update
Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
CVE-2014-4617
The douncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service infinite loop via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence...
Debian DSA-2730-1 : gnupg - information leak
Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. This update fixes this issue for the 1.4 series of GnuPG. GnuPG 2.x is affected through its use of the...
[SECURITY] [DSA 2731-1] libgcrypt11 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2731-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst July 29, 2013 http://www.debian.org/security/faq -...
CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...